Alex Crichton [Fri, 31 Oct 2014 17:49:04 +0000 (10:49 -0700)]
Implement the `links` manifest key
This commit adds the `links` manifest key as a string of a C library which is
being linked to. This is passed as an argument to the build command when not
overridden. The implementation of overrides will come soon!
bors [Fri, 31 Oct 2014 20:44:47 +0000 (20:44 +0000)]
auto merge of #773 : alexcrichton/cargo/update-all-packages-from-a-git-repo, r=brson
With the recent resolve rewrite, `cargo update -p foo` would only update one
package in a git repository, even if the repository provided many packages.
Cargo does not currently support depending on the same git repository source
with different precise revisions, and this would cause errors down the line
depending on what happened.
This adds a fix to the `resolve_with_previous` method to ensure that any
non-registry sources being updated will not have any locked packages inside them
which would result in an invalid lockfile.
Alex Crichton [Wed, 29 Oct 2014 18:42:45 +0000 (11:42 -0700)]
Be sure to update all packages from a git source
With the recent resolve rewrite, `cargo update -p foo` would only update one
package in a git repository, even if the repository provided many packages.
Cargo does not currently support depending on the same git repository source
with different precise revisions, and this would cause errors down the line
depending on what happened.
This adds a fix to the `resolve_with_previous` method to ensure that any
non-registry sources being updated will not have any locked packages inside them
which would result in an invalid lockfile.
Alex Crichton [Tue, 28 Oct 2014 15:32:54 +0000 (08:32 -0700)]
Update curl-rust to handle SSL config for linuxes
Right now the cargo built on the snapshot bot isn't able to talk to the registry
due to failing to validate the SSL certificate. This is likely due to the
certificate path being hardcoded to something that's compatible with CentOS
(which isn't what I'm running locally).
I've modified curl-rust to use openssl-static-sys to probe the system for where
certificates are located and inform handles by default about the found
locations. This is the same strategy that git2-rs uses to inform openssl about
where the certificates are located.
Tomas Sedovic [Mon, 27 Oct 2014 21:49:20 +0000 (22:49 +0100)]
Add `--name` and `--example` to cargo run
This lets us compile and run examples using `cargo run --example NAME`.
Selecting the other binary targets is now done using the `--name` flag.
`cargo run` falls back to the old behaviour (running the only bin target
in the project, failing if there are more) in neither `--name` nor
`--example` are present.
bors [Mon, 27 Oct 2014 23:49:37 +0000 (23:49 +0000)]
auto merge of #767 : alexcrichton/cargo/issue-637, r=wycats
Each dependency itself already has the precise source listed, and we're
guaranteed that for each (source, name) pair that there is exactly one
dependency, so there is always a way to rebuild the precise dependency graph
after the fact by looking up the (source, name) pair in the hash map.
This should help with some of the readability concerns in #637 because the git
SHA that a source is locked to is now only mentioned once in a lockfile.
This commit does preserve, however, the mention of the version in each
dependency line which will likely never go away. This means that for
registry-based packages will still run into the same lockfile merge conflict
troubles, there will just be more readable versions than git hashes.
It should also be noted that this will alter all currently generated lockfiles
as any dependencies mentioned will lose the hashes mentioned afterwards. This
will likely cause somewhat of a transitionary pain as this version of cargo
propagates throughout.
Alex Crichton [Mon, 27 Oct 2014 18:54:48 +0000 (11:54 -0700)]
Don't encode precise in lockfile dep pointers
Each dependency itself already has the precise source listed, and we're
guaranteed that for each (source, name) pair that there is exactly one
dependency, so there is always a way to rebuild the precise dependency graph
after the fact by looking up the (source, name) pair in the hash map.
This should help with some of the readability concerns in #637 because the git
SHA that a source is locked to is now only mentioned once in a lockfile.
This commit does preserve, however, the mention of the version in each
dependency line which will likely never go away. This means that for
registry-based packages will still run into the same lockfile merge conflict
troubles, there will just be more readable versions than git hashes.
It should also be noted that this will alter all currently generated lockfiles
as any dependencies mentioned will lose the hashes mentioned afterwards. This
will likely cause somewhat of a transitionary pain as this version of cargo
propagates throughout.
bors [Mon, 27 Oct 2014 22:43:26 +0000 (22:43 +0000)]
auto merge of #758 : alexcrichton/cargo/issue-751, r=brson
This ends up killing two birds with one stone! The rationale behind this is that
the example and bin namespaces are not the same, and we don't mix metadata into
either filename, so the outputs need to be in different locations.
bors [Mon, 27 Oct 2014 20:41:25 +0000 (20:41 +0000)]
auto merge of #725 : alexcrichton/cargo/registry-fixes, r=brson
This PR contains a laundry list of improvements when using the registry as a source, and should be one of the last steps necessary for whipping cargo into shape to using the registry. Some of the highlights include:
* All APIs have been updated to the registry's current interface
* Lockfiles are now respected with registry sources
* Conservatively updating dependencies should work
* The network shouldn't be touched unless absolutely necessary
* Lockfiles actually keep versions locked when using a newer registry with more versions
* A new standalone lib was added for interoperating with the registry (HTTP-request-wise)
* Packages are now verified before being published to the registry (this can be opted out of)
* `cargo upload` was renamed to `cargo publish`
The commit series is intended to be individually reviewable and each commit should compile and pass all tests independently (but still needs to be applied in order).
Alex Crichton [Fri, 24 Oct 2014 16:18:19 +0000 (09:18 -0700)]
Build examples into `target/examples`
This ends up killing two birds with one stone! The rationale behind this is that
the example and bin namespaces are not the same, and we don't mix metadata into
either filename, so the outputs need to be in different locations.
Alex Crichton [Thu, 23 Oct 2014 19:21:08 +0000 (12:21 -0700)]
Respect yanks in the registry
In general the semantics of a yank are that the code itself is not removed from
the registry, but rather packages are no longer allowed to depend on the
version. A yank is normally done to remove broken code or perhaps secrets, but
actually deleting code means that all packages depending on the yanked version
all of a sudden break. For these reasons a yank does not actually delete code,
but only flags the version as yanked in the index.
Yanked packages are therefore able to be depended upon if a lockfile points at a
yanked version, but are not allowed to become new dependencies of packages.
Implementation-wise, the following changes were made:
* SourceIds originating from a lockfile for registries will have a precise
version listed (just a generic string "locked")
* Dependencies which use precise source ids are allowed to read yanked versions
* Dependencies without a precise source id are not allowed to use yanked
versions
When using a lockfile (or a previous instance of resolve), all operations will
rewrite dependencies to have the precise source ids where applicable, meaning
the locked versions have access to yanked versions, but the unlocked versions do
not.
Alex Crichton [Thu, 23 Oct 2014 19:12:03 +0000 (12:12 -0700)]
Fix a flaky test relying on nondeterminsm
When updating a source with multiple packages, the registry will lazily discover
both the precise and imprecise versions of the source at some point. Previously
the source would be updated depending on which was discovered first, but this
commit adds logic to understand that if an imprecise version is discovered after
a precise version then the imprecise version should be favored (because it will
always trigger an update).
This needs to understand, however, that if `cargo update --precise` is used that
those sources should not be updated again, so the sources treated in
`add_sources` are considered "special" in the sense that they're locked and will
not be updated again.
Alex Crichton [Thu, 23 Oct 2014 17:38:44 +0000 (10:38 -0700)]
Integrate the lockfile and registry-based deps
This commit radically changes the approach of how lockfiles are handled in the
package registry and how resolve interacts with it. Previously "using a
lockfile" entailed just adding all of the precise sources to the registry and
relying on them not being updated to remain locked. This strategy does not work
out well for the registry, however, as one source can provide many many packages
and it may need to be updated for other reasons.
This new strategy is to rewrite instances of `Summary` in an on-demand fashion
to mention locked versions and sources wherever possible. This will ensure that
any relevant `Dependency` will end up having an exact version requirement as
well as a precise source to originate from (if possible). This rewriting is
performed in a few locations:
1. The top-level package has its dependencies rewritten to their precise
variants if the dependency still matches the precise variant. This covers the
case where a dependency was updated the the lockfile now needs to be updated.
2. Any `Summary` returned from the package registry which matches a locked
`PackageId` will unconditionally have all of its dependencies rewritten to
their precise variants. This is done because any previously locked package
must remain locked during resolution.
3. Any `Summary` which points at a package which was not previously locked still
has its dependencies modified to point at any matching locked package. This
is done to ensure that updates are as conservative as possible.
There are still two outstanding problems with lockfiles and the registry which
this commit does not attempt to solve:
* Yanked versions are not respected
* The registry is still unconditionally updated on all compiles.
Alex Crichton [Thu, 23 Oct 2014 05:18:49 +0000 (22:18 -0700)]
Restructure resolve/lockfile ops
Move functionality from cargo_fetch and cargo_generate_lockfile into dedicated
lockfile/resolve modules. The plan is to expand the resolve module significantly
to deal with the lockfile that's loaded.
Alex Crichton [Wed, 22 Oct 2014 22:21:34 +0000 (15:21 -0700)]
Don't seed Registry with known source ids
In the normal case this isn't necessary due to the Registry dynamically
discovering sources when dependencies are queried for. Consequently there's no
need to register all these sources ahead-of-time, and it reduces the cognitive
load when thinking about sources and updates.
Alex Crichton [Wed, 22 Oct 2014 22:05:49 +0000 (15:05 -0700)]
Remove the hokey add_lockfile_sources
This method shouldn't be necessary as it should be possible to simply add all
sources known in the lockfile to a package registry, and
core::{resolve, registry} should take care of weeding them out if necessary.
In the process of doing so, this actually ends up fixing a problem with
rewriting a dependency to a new one which shares transitive deps. Previously all
the transitive deps were updated, but now the transitive deps remain locked at
where they were previously locked.
Alex Crichton [Sat, 27 Sep 2014 04:14:46 +0000 (21:14 -0700)]
Update how cargo talks to the registry
This commit includes a laundry list of updates and tweaks to reflect the current
API of the registry:
* `registry.host` has been renamed to `registry.index`
* New top-level manifest keys are now accepted:
* `homepage` - url
* `documentation` - url
* `repository` - url
* `description` - a markdown-less blurb
* `license` - string (verified by the registry on upload)
* `keywords` - string array
* `readme` - string pointing at a file
* Authors are now uploaded to the registry
* The upload format to the registry has changed to a body json payload
* Unpacking tarballs respects the executable bit for scripts and such.
* Downloading now follows redirects to go to S3.
* The download URL for a package has changed slightly.
* Verify path dependencies have a version listed when being uploaded
* Rename `upload` to `publish`
* Rename `ops::cargo_upload` to `ops::registry`
* Add a new `registry` package for interoperating with the registry
* Add the ability to modify owners via `cargo owner`
* Add a `readme` key to the manifest, and upload its contents to the registry.
* Add the ability to yank crates and their versions
* When packaging a library, verify that it builds from the packaged source by
unpacking the tarball and simulate running `cargo build` inside of it.
bors [Fri, 24 Oct 2014 15:59:59 +0000 (15:59 +0000)]
auto merge of #750 : alexcrichton/cargo/no-more-travis-32, r=alexcrichton
This has been broken for quite awhile now on 32-bit linux due to what looks like
libcurl going awry. This can be reactivated later, but consistently green travis
builds are more important right now.
Additionally, we already have coverage on the buildbots for 32-bit flavors of
architectures.
Alex Crichton [Thu, 23 Oct 2014 20:24:16 +0000 (13:24 -0700)]
Stop testing 32-bit on travis
This has been broken for quite awhile now on 32-bit linux due to what looks like
libcurl going awry. This can be reactivated later, but consistently green travis
builds are more important right now.
Additionally, we already have coverage on the buildbots for 32-bit flavors of
architectures.
bors [Wed, 22 Oct 2014 19:45:38 +0000 (19:45 +0000)]
auto merge of #710 : alexcrichton/cargo/metadata, r=wycats
In terms of future compatibility, Cargo may wish to add more information to
lockfiles in the future. For example, the minimum required Rust version may one
day be encoded into a lockfile.
One of the major goals of a lockfile is for it to rarely change, and when it
does change the diffs should be minimal. In terms of adding more information to
the lockfile in the future, this presents a problem for older Cargo clients:
1. Cargo 2.0 adds a minimum required version of rust under the metadata.rustc
key of the lockfile.
2. Cargo 1.0 is then used to update the `foo` dependency in the lockfile. When
regenerating the lockfile, Cargo 1.0 discards the metadata inserted by Cargo
2.0.
In order to future-proof ourselves in allowing new metadata in the future, Cargo
is growing support now for transporting an opaque payload of metadata from one
version of a lockfile to a new versions. This should solve the problem presented
above.
This metadata section is designed to be safely ignored by older Cargo versions
(may just have some surprising behavior), while still allowing newer versions of
Cargo to process the data. For example Cargo 2.0 would gracefully fail on an
out-of-date rustc, while Cargo 1.0 may just present an obscure error message.
Alex Crichton [Wed, 15 Oct 2014 23:18:43 +0000 (16:18 -0700)]
Add a metadata section to the lockfile
In terms of future compatibility, Cargo may wish to add more information to
lockfiles in the future. For example, the minimum required Rust version may one
day be encoded into a lockfile.
One of the major goals of a lockfile is for it to rarely change, and when it
does change the diffs should be minimal. In terms of adding more information to
the lockfile in the future, this presents a problem for older Cargo clients:
1. Cargo 2.0 adds a minimum required version of rust under the metadata.rustc
key of the lockfile.
2. Cargo 1.0 is then used to update the `foo` dependency in the lockfile. When
regenerating the lockfile, Cargo 1.0 discards the metadata inserted by Cargo
2.0.
In order to future-proof ourselves in allowing new metadata in the future, Cargo
is growing support now for transporting an opaque payload of metadata from one
version of a lockfile to a new versions. This should solve the problem presented
above.
This metadata section is designed to be safely ignored by older Cargo versions
(may just have some surprising behavior), while still allowing newer versions of
Cargo to process the data. For example Cargo 2.0 would gracefully fail on an
out-of-date rustc, while Cargo 1.0 may just present an obscure error message.
bors [Wed, 22 Oct 2014 19:14:21 +0000 (19:14 +0000)]
auto merge of #717 : alexcrichton/cargo/souped-up-resolve, r=wycats
This series of commits is rebased on top of https://github.com/rust-lang/cargo/pull/712 to avoid conflicts, and it adds the ability to solve version constraints as part of the resolution process. This is a critical step forward in bringing the registry online as it makes it possible for cargo to figure out what to do in the face of many uploaded versions of a package to the registry.
Alex Crichton [Fri, 17 Oct 2014 19:23:10 +0000 (12:23 -0700)]
Avoid visiting deps too often in resolve
If we're activating an already-active version of a dependency, then there's no
need to actually recurse into it. Instead, we can skip it if we're not enabling
any extra features in it to avoid extraneous recursion.
Alex Crichton [Fri, 17 Oct 2014 18:50:18 +0000 (11:50 -0700)]
Continue reducing clone costs
Share the `visited` hash set among all contexts, just be sure to maintain it
across failures. Also put all Summary structures into an `Rc` as they're cloned
quite frequently.
Alex Crichton [Fri, 17 Oct 2014 18:48:57 +0000 (11:48 -0700)]
Make SourceId cheap to clone
Like PackageId, these are cloned quite often, so this moves them into an Arc to
make them cheap to clone. This also removes the public fields in favor of
accessors.
Alex Crichton [Fri, 17 Oct 2014 18:47:33 +0000 (11:47 -0700)]
Make PackageId cheap to clone
These are cloned a massive number of times during resolution, so let's make them
much cheaper to clone with an Arc. This uses Arc instead of Rc because the
fiddly bits in job_queue have a PackageId cross task boundaries for parallelism.
projects / cargo.git / log